Researcher Documentation


Researcher Dashboard

Your Researcher Dashboard is private to you and provides you with insights into how you have been performing across all programs. The information on the dashboard is very similar to what appears on your Researcher Profile (if shared publicly), but the dashboard has more granular detail:

  • Control the visibility of information on public facing pages, such as leaderboards and your public profile.
  • Drill down into your submission stats by year, last 90 days, and the current month.
  • See a breakdown of reported vulnerabilities by vulnerability type.

Note:

Your researcher profile can be set to public so that anyone can view it.
To learn more about your researcher profile, see Researcher Profile.

Your Dashboard

Your dashboard contains the following information:

  • Your rank
  • The total number of points you've earned on programs with financial rewards
  • Your location
  • Profile badges which indicate if you have completed the optional Identity Verification and/or a Background Check
  • Your all-time performance stats, which include the number of vulnerabilities you've reported, the accuracy of your submissions, and the severity of the vulnerabilities you've reported
  • A breakdown of the target types you've reported on

Your Rank and Points

Your rank reflects your overall standing compared to all other researchers on the Bugcrowd platform. Your rank is determined by your total number of points compared to other researchers. The more points you have, the higher your rank.

Your all-time points and current rank are visible directly below your avatar and Bugcrowd username.

Set Your Researcher Profile to Public or Private

From your dashboard, you can share your researcher profile publicly or choose not to do so.

  • To share your profile publicly, go to the upper right side of your dashboard and toggle the ‘Allow others to view your profile’ button.
  • If you do not wish for your profile to be public, toggle the button again to reset it to private.

If you toggle the option off, your profile will not be accessible to anyone and you will appear as "Private user" on all publicly facing pages, including leaderboards.

Quick Links Panel

This panel provides quick access to valuable Bugcrowd resources, like platform documentation and program guidance, and is located on the right side of the page.

The following resources are provided:

  • Code of Conduct - Outlines the expected behaviour of all Bugcrowd community members participating in bug bounty programs, Bugcrowd online community offerings such as the Bugcrowd Community Forum, the Bugcrowd Researcher Slack channel, BugBashes, as well as any other programs that may be offered by Bugcrowd.
  • Standard Disclosure Terms - Bugcrowd's standard guidelines and rules of engagement for crowdsourced security program participation. This, along with the program bounty brief, outlines the rules and expectations to be followed when testing and submitting vulnerabilities on any given program.
  • Bugcrowd University - Quick access to security, education, and training for the whitehat hacker community.
  • Platform Resources - Quick access to news, guides, webinars, and other resources on Bugcrowd and the broader crowdsourced security industry.
  • Documentation - Bugcrowd's Crowdcontrol documentation built to help you better understand the platform.
  • Bugcrowd Blog - All things happening with Bugcrowd including any new program announcements, product and feature launches, bug bounty education, and more.
  • Changelog - Lists important feature improvements and updates to the platform.

Your Performance Stats

Your performance stats provide an overview of your submissions, which can be viewed under “Performance Stats” and “Reported Vulnerabilities” in the middle of the page. You can track how you are doing over time or within a certain time frame by selecting a time range (All-time, Year-to-date, Last 90 days, or Current month) to change the view. These stats will adjust with time as you make submissions!

Your performance stats include the following information:

  • Vulnerabilities - The total number of valid vulnerabilities. These include submissions marked as unresolved, resolved, duplicate, or won't fix.
  • Accuracy - This measures the percentage of submissions that are valid. This metric is calculated by dividing your total number of valid vulnerabilities submitted by your total number of submissions.
  • Average Severity - This is calculated by taking all of your valid vulnerabilities, adding up their technical severity values (on a scale from 1 to 4), and dividing that sum by your total number of valid submissions.
    -- The Scale - 1 represents a P1, the most critical vulnerability, and 4 represents a P4, the least critical vulnerability.
    -- Example: P1 = 2, P2 = 0, P3 = 3, and P4 = 4 ---> total = 1+1+3+3+3+4+4+4+4 = 28/9 = average technical severity = 3.11
  • Reported Vulnerabilities - This graph provides a chronological snapshot of the total number of valid and invalid vulnerabilities that you have ever submitted. The view can be changed to reflect severity or volume.
  • Submission Type Breakdown and Severity - This tracks the volume of submissions based on the target type (e.g. IoT, Website, API, iOS, Android, Hardware, Other, Not Categorized) and provides a graph of their technical severity.

Looking for more programs?

This section can be found underneath the Quick Links and outlines the requirements needed to be invited to private programs.

Hall of Fame

Once you have had some submissions accepted, your Hall of Fame box will appear in the lower right corner of your profile, showing icons of all the programs whose Hall of Fame you have qualified for. If the program is public, the program and the number of points you received will be displayed if you hover your mouse over the program's icon.

  • Total represents all programs you have qualified for, both public and private
  • Private represents how many of your total Halls of Fame are on private programs

Do Not Share Your Private Dashboard "Hall Of Fame" Publicly

Icons of Private Programs are shown in this view. If you share this image publicly, you are disclosing the existence of a Private Program, which is prohibited on Bugcrowd. The version on your Public Researcher Profile is a safe, sanitized version which may be shared across social media.

Please refer to Getting on a Program's Hall of Fame for more information.
